
Example 1 with CryptographyClient

use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in project mssql-jdbc by Microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method AzureKeyVaultWrap.

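/**
 * Wraps (encrypts) a plaintext Column Encryption Key with the Azure Key Vault key at
 * {@code masterKeyPath}. The wrap is performed by the Key Vault service, so the key
 * material of the master key never leaves the vault.
 *
 * @param masterKeyPath
 *        - Azure Key Vault key url.
 * @param encryptionAlgorithm
 *        - Key wrap algorithm to use. A {@code null} value falls back to
 *        {@link KeyWrapAlgorithm#RSA_OAEP}, which is what this method always used before.
 * @param columnEncryptionKey
 *        - Plain text Column Encryption Key.
 * @return Returns an encrypted blob or throws an exception if there are any errors.
 * @throws SQLServerException
 *         if {@code columnEncryptionKey} is {@code null} or the cryptography client
 *         cannot be obtained
 */
private byte[] AzureKeyVaultWrap(String masterKeyPath, KeyWrapAlgorithm encryptionAlgorithm, byte[] columnEncryptionKey) throws SQLServerException {
    if (null == columnEncryptionKey) {
        throw new SQLServerException(SQLServerException.getErrString("R_CEKNull"), null);
    }
    // The caller's algorithm used to be ignored in favour of a hard-coded RSA_OAEP, while the
    // matching unwrap honours the parameter. Wrap and unwrap must agree, so use the parameter;
    // RSA_OAEP is kept only as the default for callers that pass null.
    KeyWrapAlgorithm wrapAlgorithm = (null == encryptionAlgorithm) ? KeyWrapAlgorithm.RSA_OAEP : encryptionAlgorithm;
    CryptographyClient cryptoClient = getCryptographyClient(masterKeyPath);
    WrapResult wrappedKey = cryptoClient.wrapKey(wrapAlgorithm, columnEncryptionKey);
    return wrappedKey.getEncryptedKey();
}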

Example 2 with CryptographyClient

use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in project mssql-jdbc by Microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method getCryptographyClient.

/**
 * Returns the {@link CryptographyClient} for the key at {@code masterKeyPath}, building
 * and caching one on first use.
 *
 * @param masterKeyPath
 *        - Azure Key Vault key url; also used verbatim as the cache key.
 * @return the cached client, or the one just built
 * @throws SQLServerException
 *         if the key cannot be retrieved from the vault
 */
private CryptographyClient getCryptographyClient(String masterKeyPath) throws SQLServerException {
    if (!this.cachedCryptographyClients.containsKey(masterKeyPath)) {
        // The key is fetched before any client is built. masterKeyPath is cached exactly as
        // supplied, so whatever validation of the vault URL the provider does must happen in
        // getKeyVaultKey or earlier -- TODO confirm.
        String keyIdentifier = getKeyVaultKey(masterKeyPath).getId();
        CryptographyClientBuilder builder = new CryptographyClientBuilder().keyIdentifier(keyIdentifier);
        // An explicit credential wins; otherwise the provider's pre-built pipeline is reused.
        CryptographyClient freshClient = (null != credential)
                ? builder.credential(credential).buildClient()
                : builder.pipeline(keyVaultPipeline).buildClient();
        // putIfAbsent keeps whichever client was stored first, so a duplicate built by a
        // concurrent caller that also missed the cache is simply discarded.
        cachedCryptographyClients.putIfAbsent(masterKeyPath, freshClient);
    }
    return cachedCryptographyClients.get(masterKeyPath);
}

Example 3 with CryptographyClient

use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in project mssql-jdbc by Microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method AzureKeyVaultVerifySignature.

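/**
 * Verifies an RS256 (RSA PKCS#1 v1.5 with SHA-256) signature using the Azure Key Vault key
 * at {@code masterKeyPath}. The check is performed by the service; the private key never
 * leaves the vault.
 *
 * @param dataToVerify
 *        - Data the signature was produced over. The client's {@code verify} takes a digest,
 *        and the sibling signing method is named for hashed data, so this is presumably
 *        already a hash -- confirm against the caller.
 * @param signature
 *        - Signature to check.
 * @param masterKeyPath
 *        - Azure Key Vault key url.
 * @return true if signature is valid, false if it is not valid; a missing or empty
 *         payload or signature is reported as not valid
 * @throws SQLServerException
 *         if the cryptography client cannot be obtained
 */
private boolean AzureKeyVaultVerifySignature(byte[] dataToVerify, byte[] signature, String masterKeyPath) throws SQLServerException {
    assert ((null != dataToVerify) && (0 != dataToVerify.length));
    assert ((null != signature) && (0 != signature.length));
    // The asserts are no-ops unless the JVM runs with -ea, so without them a null or empty
    // input used to reach the service call. Fail closed instead: with nothing to verify the
    // signature cannot be accepted.
    if (null == dataToVerify || 0 == dataToVerify.length || null == signature || 0 == signature.length) {
        return false;
    }
    CryptographyClient cryptoClient = getCryptographyClient(masterKeyPath);
    VerifyResult valid = cryptoClient.verify(SignatureAlgorithm.RS256, dataToVerify, signature);
    return valid.isValid();
}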

Example 4 with CryptographyClient

use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in project mssql-jdbc by Microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method AzureKeyVaultUnWrap.

/**
 * Unwraps (decrypts) an encrypted Column Encryption Key with the Azure Key Vault key at
 * {@code masterKeyPath}. The unwrap is performed by the Key Vault service, so the master
 * key material never leaves the vault.
 *
 * @param masterKeyPath
 *        - Azure Key Vault key url.
 * @param encryptionAlgorithm
 *        - Key wrap algorithm the encrypted key was produced with.
 * @param encryptedColumnEncryptionKey
 *        - Encrypted Column Encryption Key.
 * @return Returns the decrypted plaintext Column Encryption Key or throws an exception if there are any errors.
 * @throws SQLServerException
 *         if {@code encryptedColumnEncryptionKey} is {@code null} or empty, or the
 *         cryptography client cannot be obtained
 */
private byte[] AzureKeyVaultUnWrap(String masterKeyPath, KeyWrapAlgorithm encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) throws SQLServerException {
    // Null is reported before empty, matching the resource keys the driver uses for each case.
    String errorKey = null;
    if (null == encryptedColumnEncryptionKey) {
        errorKey = "R_EncryptedCEKNull";
    } else if (0 == encryptedColumnEncryptionKey.length) {
        errorKey = "R_EmptyEncryptedCEK";
    }
    if (null != errorKey) {
        throw new SQLServerException(SQLServerException.getErrString(errorKey), null);
    }
    UnwrapResult unwrapped = getCryptographyClient(masterKeyPath).unwrapKey(encryptionAlgorithm, encryptedColumnEncryptionKey);
    return unwrapped.getKey();
}

Example 5 with CryptographyClient

use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in project mssql-jdbc by Microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method AzureKeyVaultSignHashedData.

/**
 * Produces an RS256 (RSA PKCS#1 v1.5 with SHA-256) signature with the Azure Key Vault key
 * at {@code masterKeyPath}. Signing happens in the service; the private key never leaves
 * the vault.
 *
 * @param dataToSign
 *        - Data to sign. The client's {@code sign} operates on a digest and this method is
 *        named for hashed data, so the caller is presumably passing a hash -- confirm.
 * @param masterKeyPath
 *        - Azure Key Vault key url.
 * @return Signature
 * @throws SQLServerException
 *         if the cryptography client cannot be obtained
 */
private byte[] AzureKeyVaultSignHashedData(byte[] dataToSign, String masterKeyPath) throws SQLServerException {
    // Only enforced when the JVM runs with -ea; otherwise a null or empty payload reaches
    // the service call unchecked.
    assert null != dataToSign && dataToSign.length != 0;
    SignResult result = getCryptographyClient(masterKeyPath).sign(SignatureAlgorithm.RS256, dataToSign);
    return result.getSignature();
}
